Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7b/4e5902-e283-4916-a33c-7226a8845e01/1/oAQbc7e5xC1GEdxN3e0gpd6isJc.roa
File:                     oAQbc7e5xC1GEdxN3e0gpd6isJc.roa (raw, json)
Hash identifier:          EpNAPaM5v5pIwKbv54j32anzeSgMzbAB4ScT24Zr/1E=
Subject key identifier:   A0:04:1B:73:B7:B9:C4:2D:46:11:DC:4D:DD:ED:20:A5:DE:A2:B0:97
Certificate issuer:       /CN=0f2f8b2b94721e928f6188b5cf15053144dedf8c
Certificate serial:       019425FC02A47757BBBA01F080157A9F78F0
Authority key identifier: 0F:2F:8B:2B:94:72:1E:92:8F:61:88:B5:CF:15:05:31:44:DE:DF:8C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Dy-LK5RyHpKPYYi1zxUFMUTe34w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7b/4e5902-e283-4916-a33c-7226a8845e01/1/oAQbc7e5xC1GEdxN3e0gpd6isJc.roa
Signing time:             Thu 02 Jan 2025 07:47:40 +0000
ROA not before:           Thu 02 Jan 2025 07:47:40 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     19905
IP address blocks:        185.124.150.0/24 maxlen: 24
                          185.124.151.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7b/4e5902-e283-4916-a33c-7226a8845e01/1/Dy-LK5RyHpKPYYi1zxUFMUTe34w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7b/4e5902-e283-4916-a33c-7226a8845e01/1/Dy-LK5RyHpKPYYi1zxUFMUTe34w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Dy-LK5RyHpKPYYi1zxUFMUTe34w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 05:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fc:02:a4:77:57:bb:ba:01:f0:80:15:7a:9f:78:f0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0f2f8b2b94721e928f6188b5cf15053144dedf8c
        Validity
            Not Before: Jan  2 07:47:40 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a0041b73b7b9c42d4611dc4ddded20a5dea2b097
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:26:72:49:96:49:63:a5:15:75:f8:e9:10:bf:
                    44:27:2a:1e:98:12:a3:c5:5b:8e:95:5d:18:cd:7c:
                    a1:12:a3:77:c1:f9:19:60:ff:02:e8:e0:4d:75:56:
                    1c:97:e9:f4:2c:d7:b5:82:dd:0b:a6:44:31:69:26:
                    5b:18:3e:32:24:f5:92:52:ed:64:08:33:8f:4f:40:
                    62:6f:0c:42:49:df:6f:e0:4f:1c:8d:bd:30:4f:94:
                    37:a1:03:05:6b:b2:39:00:fe:4e:c0:dc:73:ed:70:
                    85:03:fe:8b:56:72:e8:8f:34:32:30:47:ff:35:a0:
                    13:13:39:3a:53:fe:f2:e1:a3:46:75:79:b1:b4:10:
                    08:f8:ba:05:ff:c8:6f:1d:a0:48:9f:51:35:7e:56:
                    36:72:e5:e4:46:40:96:32:b8:f3:b9:48:9d:7f:fd:
                    55:cc:3d:06:ea:1a:a8:26:5f:de:92:56:42:b3:cd:
                    b8:cc:ac:14:d7:01:dc:4d:6e:88:b9:f8:85:b9:5e:
                    1b:37:45:a6:2b:19:8d:21:2b:51:12:43:bf:dc:6b:
                    1f:e0:0e:3e:d6:a0:17:34:fb:86:90:f1:a4:8e:26:
                    96:71:a5:66:0f:b8:9b:be:0a:0f:ee:e3:98:88:39:
                    bd:7c:b5:29:cf:f4:e5:86:71:17:7a:67:3a:59:8c:
                    41:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A0:04:1B:73:B7:B9:C4:2D:46:11:DC:4D:DD:ED:20:A5:DE:A2:B0:97
            X509v3 Authority Key Identifier:
                keyid:0F:2F:8B:2B:94:72:1E:92:8F:61:88:B5:CF:15:05:31:44:DE:DF:8C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Dy-LK5RyHpKPYYi1zxUFMUTe34w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/4e5902-e283-4916-a33c-7226a8845e01/1/oAQbc7e5xC1GEdxN3e0gpd6isJc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/4e5902-e283-4916-a33c-7226a8845e01/1/Dy-LK5RyHpKPYYi1zxUFMUTe34w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.124.150.0/23

    Signature Algorithm: sha256WithRSAEncryption
         5b:3a:8b:d8:b2:7b:19:ea:ef:8b:28:d8:fd:dd:2c:1c:6e:fa:
         f9:a0:38:68:9f:30:dc:a1:15:da:ff:b3:46:4d:ef:43:40:f1:
         39:70:fc:7c:42:18:1e:43:ae:33:a2:16:1f:8d:5b:bb:5b:3e:
         35:dd:4b:cb:f9:b3:b9:bc:e7:27:40:3e:b7:a1:5e:a5:86:0e:
         db:9f:ae:79:b5:56:f8:f8:3b:b0:a4:85:f6:09:08:aa:91:91:
         eb:ab:4d:73:c3:bf:ee:5f:f1:0c:0e:05:31:38:46:c2:f5:a0:
         50:33:b2:33:d9:2a:26:2d:89:fa:ba:5f:2c:07:cc:26:14:4a:
         3c:de:01:61:3e:65:c8:88:e4:53:52:08:2b:e1:b3:b2:d7:f4:
         24:15:1c:c8:62:d9:2c:c9:02:d0:41:da:dd:96:97:af:ef:ff:
         d1:7d:a7:8b:cd:d1:f6:9f:06:ff:56:ba:9c:61:6b:00:fd:1d:
         ae:af:89:a0:97:2e:2b:08:14:fa:ce:5c:6e:82:36:ff:4e:5a:
         a5:ba:3d:fe:ef:59:bc:29:3f:05:a1:a7:78:21:31:fb:8e:f6:
         5c:f9:f7:5a:3b:0b:f8:8b:df:ed:b2:0c:13:3e:df:22:08:b1:
         92:d8:fb:5c:f0:a8:dc:2d:fe:c6:1f:35:41:37:10:d7:39:37:
         08:75:90:6c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQl/AKkd1e7ugHwgBV6n3jwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBmMmY4YjJiOTQ3MjFlOTI4ZjYxODhiNWNmMTUwNTMxNDRk
ZWRmOGMwHhcNMjUwMTAyMDc0NzQwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMDA0MWI3M2I3YjljNDJkNDYxMWRjNGRkZGVkMjBhNWRlYTJiMDk3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoSZySZZJY6UVdfjpEL9EJyoemBKj
xVuOlV0YzXyhEqN3wfkZYP8C6OBNdVYcl+n0LNe1gt0LpkQxaSZbGD4yJPWSUu1k
CDOPT0BibwxCSd9v4E8cjb0wT5Q3oQMFa7I5AP5OwNxz7XCFA/6LVnLojzQyMEf/
NaATEzk6U/7y4aNGdXmxtBAI+LoF/8hvHaBIn1E1flY2cuXkRkCWMrjzuUidf/1V
zD0G6hqoJl/eklZCs824zKwU1wHcTW6IufiFuV4bN0WmKxmNIStREkO/3Gsf4A4+
1qAXNPuGkPGkjiaWcaVmD7ibvgoP7uOYiDm9fLUpz/TlhnEXemc6WYxBewIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKAEG3O3ucQtRhHcTd3tIKXeorCXMB8GA1UdIwQY
MBaAFA8viyuUch6Sj2GItc8VBTFE3t+MMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRHktTEs1UnlIcEtQWVlpMXp4VUZNVVRlMzR3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yi80ZTU5MDItZTI4My00OTE2LWEzM2Mt
NzIyNmE4ODQ1ZTAxLzEvb0FRYmM3ZTV4QzFHRWR4TjNlMGdwZDZpc0pjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yi80ZTU5MDItZTI4My00OTE2LWEzM2MtNzIyNmE4ODQ1ZTAx
LzEvRHktTEs1UnlIcEtQWVlpMXp4VUZNVVRlMzR3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuXyWMA0G
CSqGSIb3DQEBCwUAA4IBAQBbOovYsnsZ6u+LKNj93Swcbvr5oDhonzDcoRXa/7NG
Te9DQPE5cPx8QhgeQ64zohYfjVu7Wz413UvL+bO5vOcnQD63oV6lhg7bn655tVb4
+DuwpIX2CQiqkZHrq01zw7/uX/EMDgUxOEbC9aBQM7Iz2SomLYn6ul8sB8wmFEo8
3gFhPmXIiORTUggr4bOy1/QkFRzIYtksyQLQQdrdlpev7//RfaeLzdH2nwb/Vrqc
YWsA/R2ur4mgly4rCBT6zlxugjb/Tlqluj3+71m8KT8Foad4ITH7jvZc+fdaOwv4
i9/tsgwTPt8iCLGS2Ptc8KjcLf7GHzVBNxDXOTcIdZBs
-----END CERTIFICATE-----